1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Once thought safe, WPA Wifi Encryption is Cracked

Discussion in 'News' started by wagnerk, Nov 10, 2008.

  1. wagnerk
    Highly Decorated Member Award

    wagnerk aka kitkatninja Moderator


    Once thought safe, WPA Wifi Encryption is Cracked

    Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

    The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

    To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer.

    They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack.

    Read the whole story here.

    This was bound to happen, everyone now use WPA2 :)

    Certifications: CITP, PGCert, BSc, HNC, LCGI, PTLLS, MCT, MCITP, MCTS, MCSE, MCSA:M, MCSA, MCDST, MCP, MTA, MCAS, MOS (Master), A+, N+, S+, ACA, VCA, etc... & 2nd Degree Black Belt
    WIP: PGDip


    1. greenbrucelee
      WPA2 yep, but that'll get cracked at somepoint :(

      I am not sure it's a good idea to tell people how it's been cracked all you need is some unscroupulous person to be told how it was done and we will have new wave of viruses and spammage attacks.
    2. tripwire45
      Good thing my son moved out. He was the only one at home using wireless. After he left, I turned off the service. :wink:
    3. Obinna Osobalu
      Obinna Osobalu
      Wireless security has always been a subject of discussion or rather arguements. Never seemed secure enough as in seemed more susceptible to attacks. am not the least surprised
    4. Obinna Osobalu
      Obinna Osobalu
      WPA2 enterprise or personal or both. Which one are you actually reffering to.
    5. zebulebu
      This is a nonsensical article. No-one in their right mind uses WPA with WPA2 available for goodness sake! The mere fact that its vulnerable to a dictionary attack tells you that its about as secure as a milkshake.

      All this 'attack' is doing is speeding up the process of being hacked by exploiting a weakness in TKIP - like I said, hardly a problem if you use an ounce of common sense and use WPA2!
    6. supernova
      So is WPA2
    7. Obinna Osobalu
      Obinna Osobalu
      Dude you better give a moment on this before you start letting out steam:dry

      WPA2 Finally Cracked?
      Technically, ElcomSoft isn’t claiming to have cracked WPA2 per se, but rather to have drastically accelerated the processes of cracking the password. This is done using good old brute force methodology, i.e. guessing the password very rapidly. In the press release, ElcomSoft claims to achieve up to 100x the brute force capabilities of classic CPU-based attacks by employing GPUs instead:

      Moscow, Russia (PRWEB) October 9, 2008 — ElcomSoft Co. Ltd. accelerates the recovery of WPA and WPA2 encryption used in the Wi-Fi protocol by employing the new-generation NVIDIA video cards. ElcomSoft patent-pending GPU acceleration technology implemented in Elcomsoft Distributed Password Recovery allows using laptop, desktop or server computers equipped with supported NVIDIA video cards to break Wi-Fi encryption up to 100 times faster than by using CPU only.

      High-end GPUs have already proven their effectiveness in mathematically complex physics simulations, so it should come as no great surprise that this technology might be leveraged in brute force password cracking operations. Still, based on the information one can glean from their somewhat vague press release, there are some serious questions the security community should be asking.

      Think you take a second thought before you jump to WPA2 defence:rolleyes: because it wont be long..

      More info HERE
    8. hbroomhall
      And if you are running XP and haven't patched your machine fully you will find that WPA2 won't work for you.

      WPA2 was available under SP2 with a hotfix, and was included in SP3.

      The other day I was setting up a WiFi for a friend, and because he hadn't bothered to patch his laptop (and, looking at the mess on it I wasn't going to try) I had to use WPA rather than WPA2.

    9. zebulebu
      Now where did I say that WPA2 would never be cracked? I said that anyone using WPA instead of WPA2 needed their head examined. At no point did I say that WPA2 was uncrackable. FWIW, WPA2 with a suitably long random passphrase is about as uncrackable as it is possible to get at present. Use that and you will be so far ahead of the curve that the only people who would even bother trying to pwn you would be people doing it for the challenge... and it should be pretty damn easy to spot them since it would take them.... ooooh, I don't know.... about eight billion years or so of absolutely rinsing your router dry trying to brute force a 63 character random passphrase.

      Zeb - sat here with WPA2-PSK/TKIP... Now where's my tinfoil hat?
    10. zebulebu
      Sorry Harry - zoned out there.

      Since we're talking about security I naturally assume anyone with even a semblance of a Danny would be patched up already. if they're not - I wouldn't waste my time fannying about with WPA2 - I'd just disable the wireless - they're obviously too stupid to be trusted with it.
    11. Obinna Osobalu
      Obinna Osobalu
      :eek:Forgive me but am actually trying to figure out if this is Latin or English.. whichever it is i think you know what you said though
    12. zebulebu
      Fella - what exactly is your problem? I'm not going to get drawn into a flame war with you - but cut the nonsense out alright?
    13. zxspectrum
      Latin???? what????

      Have i missed a few pages of text here???

    14. nugget
      The article that you refer to is a bit of an attention grabber from ElcomSoft and really isn't worth anything.

      Do you have any suggestions as to what everybody should be using then if WPA2 is so unsafe?
    15. Obinna Osobalu
      Obinna Osobalu
      Was actually trying to let my dear friend Zebulebu know that WPA2 can be compromised if not now, much later and of course other form of encryption will always come up in the near future., I believe thats what technology is all about So I was not actually making suggestions on what we should be using now because as of now WPA2 is the best form of encryption for WIFI.
    16. Obinna Osobalu
      Obinna Osobalu

      Temper temper temper. "be like water my friend" picked up that line from another friend
    17. hbroomhall
      I may have patched my machines, but in the real world of ordinary techie-challenged people machines are not patched and full of nasties. I would quickly lose friends if I took the attitude that they are too stupid! :twisted: Particularly when doing things as a favour.

      In the commercial world, as a consultant, of course I could impose more stringent conditions.

    18. nugget
      I think he knows that, probably better than a lot of us mere mortals. It's never been a question of if but more when it will be cracked.
    19. supernova

      We did some stuff with non graphical matrix math through the opengl api so we could take advantage of a GPUs at UNI. Which is similar to ElcomSofts research.

      ElcomSoft's earlier stuff was infact based around xboxs but that's another story

      As for WPA2 been cracked you have been able to find examples on the net for ages.
      I have been cracking simple keys myself as ethical hacker hobbyist.

      Just need to build that cluster :wink:

    Share This Page